Opened 19 years ago

Closed 18 years ago

#1808 closed task (fixed)

linux-2.6.16.25

Reported by: Matthew Burgess Owned by: bdubbs@…
Priority: high Milestone: 6.2
Component: Book Version: SVN
Severity: major Keywords: security
Cc:

Description

Change History (13)

comment:1 by archaic@…, 19 years ago

Owner: changed from lfs-book@… to archaic@…
Status: newassigned

comment:2 by Matthew Burgess, 19 years ago

Summary: linux-2.6.16.20linux-2.6.16.21

Now 2.6.16.21 with a couple of local DoS fixes and another SCTP fix. Release announcement at http://www.ussg.iu.edu/hypermail/linux/kernel/0606.2/1171.html

comment:3 by Matthew Burgess, 19 years ago

Summary: linux-2.6.16.21linux-2.6.16.22

comment:4 by Matthew Burgess, 18 years ago

Summary: linux-2.6.16.22linux-2.6.16.23

Now 2.6.16.23. Fixes a remote crash in the SCTP code (CVE-2006-2934) and fixes a KConfig bug. Release announcement at http://www.ussg.iu.edu/hypermail/linux/kernel/0606.3/3026.html.

comment:5 by Matthew Burgess, 18 years ago

Summary: linux-2.6.16.23linux-2.6.16.24

Now 2.6.16.24. Fixes a local privilege escalation vulnerability in the prctl() system call. Release announcement at http://www.ussg.iu.edu/hypermail/linux/kernel/0607.0/1725.html.

comment:6 by bdubbs@…, 18 years ago

Owner: changed from archaic@… to bdubbs@…
Status: assignednew

comment:7 by bdubbs@…, 18 years ago

Status: newassigned

comment:8 by bdubbs@…, 18 years ago

Resolution: fixed
Status: assignedclosed

Fixed at revision 7652.

comment:9 by alexander@…, 18 years ago

Keywords: security added
Priority: normalhigh
Resolution: fixed
Severity: normalmajor
Status: closedreopened
Summary: linux-2.6.16.24linux-2.6.16.25

Security update. Example exploit for old version is available at http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047913.html (needs a.out binfmt support in the kernel, but there are other ways to exploit this).

comment:10 by alexander@…, 18 years ago

This update is reported to break some versions of HAL.

comment:11 by bdubbs@…, 18 years ago

What versions of HAL? Where is the report? These types of posts are of little use without details. What action is suggested?

comment:12 by alexander@…, 18 years ago

The report is referenced (very imprecisely, and it is certainly not on the hal list on fredesktop) at http://lkml.org/lkml/2006/7/14/309, but then Greg KH says that HAL 0.5.7 works for him.

comment:13 by bdubbs@…, 18 years ago

Resolution: fixed
Status: reopenedclosed

Updated to linux-2.6.16.26 at revision 7675.

Note: See TracTickets for help on using tickets.